DEBIAN-CVE-2016-3674

DEBIAN-CVE-2016-3674 PUBLISHED CVSS 7.5 HIGH

Multiple XML external entity (XXE) vulnerabilities in the (1) Dom4JDriver, (2) DomDriver, (3) JDomDriver, (4) JDom2Driver, (5) SjsxpDriver, (6) StandardStaxDriver, and (7) WstxDriver drivers in XStream before 1.4.9 allow remote attackers to read arbitrary files via a crafted XML document.

Risk Scores

CVSS v3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products

Vendor	Product	Versions
Debian:11	libxstream-java	0, 0, 0
Debian:13	libxstream-java	0, 0, 0
Debian:14	libxstream-java	0, 0, 0
Debian:12	libxstream-java	0, 0, 0

Timeline

May 17, 2016 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2016-3674 advisory

Open in Interactive Console →